<!DOCTYPE html>
<meta charset="utf-8">
<title>WebAuthn navigator.credentials.create() authenticator selection Tests</title>
<meta name="timeout" content="long">
<link rel="author" title="Adam Powers" href="mailto:adam@fidoalliance.org">
<link rel="help" href="https://w3c.github.io/webauthn/#iface-credential">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src=helpers.js></script>
<body></body>
<script>
standardSetup(function() {
    "use strict";

    var defaultAuthnrSel = {
        authenticatorAttachment: "cross-platform",
        requireResidentKey: false,
        userVerification: "preferred"
    };
    // attachment
    var authnrSelAttachPlatform = cloneObject(defaultAuthnrSel);
    authnrSelAttachPlatform.authenticatorAttachment = "platform";
    // resident key
    var authnrSelRkTrue = cloneObject(defaultAuthnrSel);
    authnrSelRkTrue.requireResidentKey = true;
    var authnrSelRkBadString = cloneObject(defaultAuthnrSel);
    authnrSelRkBadString.requireResidentKey = "foo";
    // user verification
    var authnrSelUvRequired = cloneObject(defaultAuthnrSel);
    authnrSelUvRequired.userVerification = "required";

    // authenticatorSelection bad values
    new CreateCredentialsTest("options.publicKey.authenticatorSelection", "").runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection is empty string", TypeError);
    new CreateCredentialsTest("options.publicKey.authenticatorSelection", "none").runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection is string", TypeError);

    // authenticatorSelection bad attachment values
    // the physically plugged-in or virtual authenticator should be a cross-platform authenticator.
    new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelAttachPlatform)
      .modify("options.publicKey.timeout", 300)
      .runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection attachment platform", "NotAllowedError");

    // authenticatorSelection bad requireResidentKey values
    // the physically plugged-in or virtual authenticator should not support resident keys
    new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelRkTrue)
      .modify("options.publicKey.timeout", 300)
      .runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection residentKey true", "NotAllowedError");

    // authenticatorSelection bad userVerification values
    // the physically plugged-in or virtual authenticator should not support user verification
    new CreateCredentialsTest("options.publicKey.authenticatorSelection", authnrSelUvRequired)
      // this assertion will time out the test under default parameters since the browser will wait for a platform authenticator
      .modify("options.publicKey.timeout", 300)
      .runTest("Bad AuthenticatorSelectionCriteria: authenticatorSelection userVerification required", "NotAllowedError");
});

/* JSHINT */
/* globals standardSetup, CreateCredentialsTest, cloneObject */
</script>
